pkgsrc/textproc/cmark-gfm
taca 972976254d textproc/cmark-gfm: update to 0.29.0.gfm.9
pkgsrc change: remove pkglint warning.

0.29.0.gfm.1 (2021-09-14)

* Fixed denial of service bug in GFM's table extension per
  GHSA-7gc6-9qr5-hc85

0.29.0.gfm.2 (2021-09-16)

* Fixed issues with footnote rendering when used with the autolinker (#121),
  and when footnotes are adjacent (#139).

* We now allow footnotes to be referenced from inside a footnote definition,
  we use the footnote label for the fnref href text when rendering html, and
  we insert multiple backrefs when a footnote has been referenced multiple
  times (#229, #230)

* We added new data- attributes to footnote html rendering to make them
  easier to style (#234)

0.29.0.gfm.3 (2022-03-03)

* Fixed heap memory corruption vulnerability via integer overflow per
  GHSA-mc3g-88wq-6f4x

0.29.0.gfm.4 (2022-05-31)

* Remove source from list of HTML block elements per
  commonmark/commonmark-spec#710

0.29.0.gfm.5 (2022-08-25)

* Added xmpp: and mailto: support to the autolink extension

0.29.0.gfm.6 (2022-09-15)

* Fixed polynomial time complexity DoS vulnerability in autolink extension
  per GHSA-cgh3-p57x-9q7q

0.29.0.gfm.7 (2023-01-23)

* Fixed CVE-2023-22486, a polynomial time complexity issue in cmark-gfm
  which may lead to unbounded resource exhaustion and subsequent denial of
  service.

* Fixed CVE-2023-22485, in which a crafted markdown document could trigger
  an out-of-bounds read in the validate_protocol function.

* Fixed CVE-2023-22484, a polynomial time complexity issue in cmark-gfm
  which may lead to unbounded resource exhaustion and subsequent denial of
  service.

* Fixed CVE-2023-22483, several polynomial time complexity issues in
  cmark-gfm which may lead to unbounded resource exhaustion and subsequent
  denial of service.

* We removed an unneeded .DS_Store file (#291)

* We added a test for domains with underscores and fixed roundtrip behavior
  (#292)

* We now use an up-to-date clang-format (#294)

* We made a variety of implicit integer truncations explicit by moving to
  size_t as our standard size integer type (#302)

* We introduced a new flag mechanism that is used in cmark node state
  management, which requires clients call the cmark_init_standard_node_flags
  function at program startup (420c20a)

The security issues were reported and resolved by @kevinbackhouse and
@philipturnbull of the GitHub Security Lab

0.29.0.gfm.8 (2023-01-25)

* We restored backwards compatibility by deprecating the
  cmark_init_standard_node_flags() requirement, which is now a noop (#305)

* We added a quadratic complexity fuzzing target (#304)

0.29.0.gfm.9 Latest (2023-01-31)

Code was tidied:

* Use of a private header was cleaned up #248
* Man page was updated #255
* Warnings for -Wstrict-prototypes were cleaned up #285
* We avoid header duplication #289

New functionality:

* We now store positioning info for url_match #201
* We now expose cmark_parent_footnote_def for non-C renderers #254
* Footnote aria-label text now references the specific footnote backref, and
  we include a data-footnote-backref-idx attribute so the label can be
  internationalized in a downstream filter #307
2023-02-04 13:23:05 +00:00
patches
buildlink3.mk
DESCR
distinfo textproc/cmark-gfm: update to 0.29.0.gfm.9 2023-02-04 13:23:05 +00:00
Makefile textproc/cmark-gfm: update to 0.29.0.gfm.9 2023-02-04 13:23:05 +00:00
PLIST textproc/cmark-gfm: update to 0.29.0.gfm.9 2023-02-04 13:23:05 +00:00